How to Get a Meaningful Security Assessment

The curriculum of business schools are filled with case studies of companies that took short cuts to become competitive and accomplished the exact opposite.  For the information security world, there is a similar “penny-wise, pound-foolish” behavior in the notorious “Checkbox Assessment.”  These are security or compliance assessments that have little basis in reality and are […]

Intrusion Prevention Endgame

All good things must come to an end.  In the late 90’s I was fortunate to be involved with the development of one of the first intrusion prevention systems (BlackICE).  It was a defining job for me since I learned so much working with the NetworkICE people, notably Robert Graham, Clinton Lum, and the late […]

UTM v NGFW: A Single Shade of Gray

What is the difference between Unified Threat Management (UTM) and Next Generation Firewalls (NGFW)? Anitian explored these two technologies and finds they are much more similar than some people want you to believe.

Packet Goes Where? The Value of Firewall Naming Conventions

A zillion or so years ago, humans developed writing. This was a big deal for civilization. People could document things like how to get rid of lice, defend castles from Huns and which berries are toxic.  Civilization would have quickly succumbed to lice, toxic berries and Huns were it not for the foresight of learned […]

Cultural Zero-Day: How Poor Leadership Begets Security Weakness

In the ten years Anitian has been working incident response and digital forensic cases, our analysts have observed many ingenious ways to break into systems and applications.  However, they rarely encounter an ingenious root cause for the vulnerabilities.  After all the analysis and disk imaging is complete, the root cause is almost always the same: […]